It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user.
{ "binaries": [ { "binary_name": "munin", "binary_version": "2.0.19-3ubuntu0.2" }, { "binary_name": "munin-async", "binary_version": "2.0.19-3ubuntu0.2" }, { "binary_name": "munin-common", "binary_version": "2.0.19-3ubuntu0.2" }, { "binary_name": "munin-doc", "binary_version": "2.0.19-3ubuntu0.2" }, { "binary_name": "munin-node", "binary_version": "2.0.19-3ubuntu0.2" }, { "binary_name": "munin-plugins-core", "binary_version": "2.0.19-3ubuntu0.2" }, { "binary_name": "munin-plugins-extra", "binary_version": "2.0.19-3ubuntu0.2" }, { "binary_name": "munin-plugins-java", "binary_version": "2.0.19-3ubuntu0.2" } ], "availability": "No subscription required" }